About the connectorQualys Vulnerability Management is a cloud service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously secure your IT infrastructure and comply with internal policies and external regulations, allows you to address new security and compliance requirements, and to find and fix vulnerabilities fast before hackers can attack or compromise your system. Show
This document provides information about the Qualys connector, which facilitates automated interactions, with a Qualys server using FortiSOAR™ playbooks. Add the Qualys connector as a step in FortiSOAR™ playbooks and perform automated operations, such as launching compliance scans on the Qualys API server and managing virtual hosts from the Qualys API server. Version informationConnector Version: 1.0.1 FortiSOAR™ Version Tested on: 4.12.0-746 Qualys Version Tested on: 8.14.3.0-1 Authored By: Fortinet Certified: Yes Release Notes for version 1.0.1Following enhancements have been made to the Qualys connector in version 1.0.1:
Installing the connectorAll connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors: yum install cyops-connector-qualys For the detailed procedure to install a connector, click here. Prerequisites to configuring the connector
Configuring the connectorFor the procedure to configure a connector, click here. Configuration parametersIn FortiSOAR™, on the Connectors page, click the Qualys connector row, and in the Configuration tab enter the required configuration details.
Actions supported by the connectorThe following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
operation: Add AssetsInput parameters
OutputThe JSON output displays a message containing the result of the Add Assets operation and the datetime when the asset(s) were added on the Qualys cloud. The output contains the following populated JSON schema: operation: Get Asset ListInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe JSON output contains a list of all available assets retrieved from the Qualys cloud or specific assets based on the input parameters you have specified. The output contains the following populated JSON schema: operation: Update AssetInput parameters
OutputThe JSON output displays a message containing the result of the Update Assets operation and the datetime when the asset(s) were updated on the Qualys cloud. The output contains the following populated JSON schema: operation: Get Asset Group ListNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned. Input parameters
OutputThe output contains the following populated JSON schema: "DATETIME": "" operation: Get Host Detection ListInput parametersNote: This API is available to Express Lite users, and all the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe output contains a non-dictionary value. operation: Get Scanned Host ListInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe JSON output contains a list and details of all scanned hosts retrieved from the Qualys cloud or specific scanned hosts based on the input parameters you have specified. The output contains the following populated JSON schema: operation: Manage Virtual HostInput parameters
OutputThe JSON output displays a message containing the result and item details of the Manage Virtual Host operation and the datetime when the actions that you specified for managing the virtual host were performed on the Qualys cloud. The output contains the following populated JSON schema: operation: Get Virtual Host ListInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe JSON output contains a list and details of all virtual hosts for the user's account retrieved from the Qualys cloud or the list and details of specific virtual hosts based on the input parameters you have specified. The output contains the following populated JSON schema: "DATETIME": "" operation: Manage Excluded HostInput parameters
OutputThe JSON output displays a message containing the result and item details of the Manage Excluded Host operation and the datetime when the actions that you specified for managing the excluded host were performed on the Qualys cloud. The output contains the following populated JSON schema: operation: Get Excluded Host ListInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe JSON output contains a list of all excluded hosts for the user's account retrieved from the Qualys cloud or the list of specific excluded hosts based on the input parameters you have specified. The output contains the following populated JSON schema: operation: Get Option ProfilesInput parametersNone. OutputThe JSON output contains a list of all available option profiles and their details like basic info, map, scan, etc., retrieved from the Qualys cloud. The output contains the following populated JSON schema: operation: Get Scanner ApplianceInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe output contains the following populated JSON schema:
operation: VM - Launch ScanInput parameters
OutputThe JSON output displays a message containing the result of the VM - Launch Scan operation and the item details such as scan reference number and scan ID of the scan performed on the Qualys cloud. The output contains the following populated JSON schema: operation: VM - Get Scan ListInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe JSON output contains a list of all vulnerability scans and their details such as user login, title, duration, option profile details, etc., for the user's account retrieved from the Qualys cloud, or the list and details of specific vulnerability scans based on the input parameters you have specified. The output contains the following populated JSON schema:{ operation: VM - Fetch ScanInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe JSON output contains details of the of the attached file. The output contains the following populated JSON schema: operation: VM - Manage ScanInput parameters
OutputThe JSON output displays a message containing the result of the VM - Manage Scan operation and the item details of the action performed on the Qualys cloud. The output contains the following populated JSON schema: "ITEM_LIST": { operation: PC - Launch ScanInput parameters
OutputThe JSON output displays a message containing the result of the PC - Launch Scan operation and the item details such as scan reference number and scan ID of the scan performed on the Qualys cloud. The output contains the following populated JSON schema: operation: PC - Get Scan ListInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe JSON output contains a list of all compliance scans and their details such as user login, title, duration, option profile details, etc., for the user's account retrieved from the Qualys cloud, or the list and details of specific compliance scans based on the input parameters you have specified. The output contains the following populated JSON schema: operation: PC - Fetch ScanInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe JSON output contains the details of the attached file. The output contains the following populated JSON schema: operation: PC - Manage ScanInput parameters
OutputThe JSON output displays a message containing the result of the PC - Manage Scan operation and the item details of the action performed on the Qualys cloud. The output contains the following populated JSON schema: "DATETIME": "", operation: Get Schedule Scan ListInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe JSON output contains a list of all report templates and their details such as ID, Template type, title, user, type, etc., for the user's account retrieved from the Qualys cloud. The output contains the following populated JSON schema: operation: Get Vulnerability ListInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe output contains the following populated JSON schema: operation: Get Report Template ListInput parametersNone. OutputThe JSON output contains a list of all scheduled scans and their details such as title, target, processing priority, option profile details, user entered IPs, schedule details, etc., for the user's account retrieved from the Qualys cloud, or the list and details of scheduled compliance scans based on the input parameters you have specified. The output contains the following populated JSON schema: "LAST_UPDATE": "", "ID": "", "TEMPLATE_TYPE": "" operation: Launch Scheduled ReportInput parameters
OutputThe JSON output displays a message containing the result of the Launch Scheduled Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud. The output contains the following populated JSON schema: operation: Launch Scan Based Findings ReportInput parameters
OutputThe JSON output displays a message containing the result of the Launch Scan Based Findings Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud. The output contains the following populated JSON schema: operation: Launch Host Based Findings ReportInput parameters
OutputThe JSON output displays a message containing the result of the Launch Host Based Findings Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud. The output contains the following populated JSON schema: operation: Launch Patch ReportInput parameters
OutputThe JSON output displays a message containing the result of the Launch Patch Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud. The output contains the following populated JSON schema: operation: Launch Remediation ReportInput parameters
OutputThe JSON output displays a message containing the result of the Launch Remediation Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud. The output contains the following populated JSON schema: operation: Launch Compliance ReportInput parameters
OutputThe JSON output displays a message containing the result of the Launch Compliance Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud. The output contains the following populated JSON schema: operation: Launch Compliance Policy ReportInput parameters
OutputThe JSON output displays a message containing the result of the Launch Compliance Policy Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud. The output contains the following populated JSON schema: operation: Launch Scorecard ReportInput parameters
OutputThe JSON output displays a message containing the result of the Launch Scorecard Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud. The output contains the following populated JSON schema: operation: Download Saved ReportInput parameters
OutputThe JSON output contains the details of the report that you have downloaded in the user's account on the Qualys cloud, based on the report ID you have specified. The output contains the following populated JSON schema: operation: Get Report ListInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe JSON output contains a list and details such as report id , type, user login, output format, title, status etc. of all reports that are saved in the the user's Report Share storage space and retrieved from the Qualys cloud, or the list and details of specific reports based on the input parameters you have specified. The output contains the following populated JSON schema: operation: Get Scheduled Report ListInput parametersNote: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
OutputThe JSON output contains a list and details such as report id , type, user login, output format, title, status etc. of all scheduled reports that are saved in the the user's Report Share storage space and retrieved from the Qualys cloud, or the list and details of specific scheduled reports based on the input parameters you have specified. The output contains the following populated JSON schema: operation: Delete ReportInput parameters
OutputThe JSON output displays a message containing the result of the Delete Report operation and details such as report ID and datetime of when this operation was performed on the Qualys cloud. The output contains the following populated JSON schema: Included playbooksThe Sample - Qualys - 1.0.1 playbook collection comes bundled with the Qualys connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Qualys connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete. How do I create a policy in Qualys?Go to PC > Policies > New > Policy > Create from Scratch. Follow the wizard to select policy technologies, assign assets to the policy, and give your policy a name. Choose whether to keep the policy active or inactive. When the Policy Editor appears, you can add controls to your policy and set control values.
What is policy compliance in Qualys?Qualys Policy Compliance (PC) is a cloud. service that performs automated security. configuration assessments on your IT. systems, whether they're on-premises, remote, or in the cloud.
What are some of the present options for adding security to Qualys user accounts choose 3?Go to Users > Setup > Security to set advanced password security settings. For example, allow users to define their own passwords, set password expiration, set the number failed login attempts that lock a user's account. Your settings will apply to all user accounts in the subscription.
Which root delegation services can be used to perform a Qualys compliance scan choose three?Transmission Control Protocol.. TCP and UDP port.. Qualys.. |